After federating an Office 365 domain with Centrify, end users receive a Microsoft multi-factor authentication prompt at the Outlook client. A login authentication policy is not created at the Centrify Admin Portal.

Cause:

Azure Active Directory Conditional Access for SaaS apps and Azure AD connected apps lets you configure conditional access based on group, location, and application sensitivity. If a user has been configured using the per-user multi-factor authentication feature, this setting on the user will combine with the multi-factor authentication rules of the app. This means a user that has been configured for per-user multi-factor authentication will be required to perform multi-factor authentication even if they have been exempted from the application multi-factor authentication rules.

Resolution:

Complete the following steps to disable or remove the user from the access rule:

Sign in to the Azure classic portal Using an account that is a global administrator for Azure AD.

On the left pane, select Active Directory.

On the Directory tab, select your directory.

Select the Applications tab.

Select the application that the rule will be set for.

Select the Configure tab.

Scroll down to the access rules section. Select the desired access rule.

Disable or remove the user from the access rule.

The following link is provided as a courtesy to explain in more detail.

Feedback:
Use this form to send us your feedback or report problems you experienced with this knowledge article. Please note that we may not respond to general questions and/or information requests submitted through this form. This form will not help you receive technical support.